CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD

| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-42437 Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42941 Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) ... | 7.5 | HIGH | β | 0 |
| CVE-2024-42438 Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42439 Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local ... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42440 Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct ... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-10689 A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The a... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-42679 SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /ajax/Login.ashx component. | 7.8 | HIGH | β | 0 |
| CVE-2024-42940 Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS)... | 7.5 | HIGH | β | 0 |
| CVE-2024-43472 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 5.8 | MEDIUM | β | 0 |
| CVE-2024-42948 Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (D... | 7.5 | HIGH | β | 0 |
| CVE-2024-27729 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-7867 In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | 6.2 | MEDIUM | β | 0 |
| CVE-2024-7851 A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the com... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-7852 A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. ... | 3.5 | LOW | β | 0 |
| CVE-2024-7853 A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_categ... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-42463 Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue a... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42464 Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue a... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-42465 Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42466 Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse. This issue affects upKeeper Manager: through 5.1.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7144 The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitiza... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-7145 The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated atta... | 8.8 | HIGH | β | 0 |
| CVE-2024-43381 reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a ... | 5.0 | MEDIUM | β | 0 |
| CVE-2022-33162 IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a signi... | 7.3 | HIGH | β | 0 |
| CVE-2023-47728 IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical ... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-4024 The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This ... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-4025 The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This ... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-4027 The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. Thi... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-3408 The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-3409 The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' functio... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-42298 In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this ret... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43819 In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_ME... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43821 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43822 In the Linux kernel, the following vulnerability has been resolved: ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() The value "-ENOMEM" was assigned to the loca... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43824 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features fro... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43276 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS. This issue affects Child... | 7.1 | HIGH | β | 0 |
| CVE-2024-43324 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS. This issue affects Clever Addons f... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-43327 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a ... | 7.1 | HIGH | β | 0 |
| CVE-2024-43329 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Stored XSS. This issue affects Allegiant: from n/a throu... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-43335 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks – WordPress Gutenberg Blocks allows Stored XSS. This issue aff... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-43342 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate ... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-43308 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS.... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-43309 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS. This issue affects WP Telegram ... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-46461 VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, ... | 8.0 | HIGH | β | 0 |
| CVE-2024-44073 The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. | 7.5 | HIGH | β | 0 |
| CVE-2026-33978 Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip me... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-43248 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4. | 8.6 | HIGH | β | 0 |
| CVE-2024-43249 Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection. This issue affects Bit Form Pro: from n/a through 2.6.4. | 9.9 | CRITICAL | β | 0 |
| CVE-2024-43250 Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4. | 7.1 | HIGH | β | 0 |
| CVE-2024-7926 A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to pat... | 7.3 | HIGH | β | 0 |
| CVE-2024-7927 A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argu... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.